Support #7281

open

DNS Alerts Only Triggering on UDP, Not TCP – Is This Normal?

Added by Carlos Melero about 2 months ago. Updated about 2 months ago.

Status: New
Priority: Normal
Assignee:
Affected Versions:
Label:

Description

Hi everyone,

I'm a beginner with Security Onion, so I hope I'm asking this the right way!

I'm using Security Onion with Suricata running in Docker (version 7.0.6). I’ve noticed that DNS-related alerts are only being generated when the protocol is UDP, but not for TCP.

Is this expected behavior, or could it be a bug or misconfiguration on my end?

Any help or guidance would be greatly appreciated.

Thank you in advance!

Best regards,
Carlos
